Full Job Description
This position is responsible for the continuous technical and process development and implementation of the security requirements, based on the NIST 800-171 and DFARS in accordance with CMMC. These requirements must be implemented and maintained for four manufacturing sites, Valencia, CA, St. Marys, PA, Arkadelphia, AR and Sinking Springs, PA.
This position will functionally report to the Head of Information Security in Germany and legally to Head of Shared Services NA and should be able to present and discuss on management level, whilst having reasonable experience of at least five years in the technical and organizational information security business and a good knowledge of said requirements including ISO 27001.
Overall, the incumbent will be responsible for making and keeping the described sites CMMC compliant throughout the entire implementation phase and afterwards.
Skills/Experience:
• University Degree in IT or comparable, specialized professional experience
• 5 years of experience in Information Security
• Experience in Information Security Consulting
• Deep analytic skills for complex technical and organizational topics
• Experience with Export Controlled information, ITAR and CUI
• Strong communication and training skills
• Optimal would be experience in production related IT (OT)
Dimension / Complexity:
• 4 Sites, NA
• >15 Information Security Policies
• Inhomogeneous IT landscape
• Diverse technical landscape of very different maturity levels and high technical complexity
• Highly diverse stakeholders and needs (Management, Sales, Office, Production...)
• Cooperation with Data Privacy, Export Control, Compliance, and Legal
Key Accountabilities:
• Risk Assessment and consulting of IT and production departments on all information security related technical requirements
• In the context of IT projects, ensuring the required level of security in line with SGL's high requirements
• Definition of security-relevant framework parameters for technical solutions
• Implementation and continuous improvement of the information security management system (ISMS) following ISO 27001 standards including processes, requirements, regulations and leading documents.
• Integration and enforcement of Information Security Policies and exception evaluation.
• Identify and maintain legally binding requirements and ensure secure implementation and compliance during implementation and operation of IT equipment in any kind or form.
• Self-reliant and independent leading and processing of projects regarding time, scope and budget.
• Planning and execution of external supplier/certification audits (CMMC) and internal compliance audits to policies.
• Developing and execution of security trainings for SGL employees in the US
• Coordination and support of the policy compliant implementation of information security relevant access controls (NAC 802.1X, Firewall Changes, FIPS 140, Web Access, Cloud authentication and authorization (Conditional Access, ADFS, MFA, BYOD, etc.)
#CB1
What we offer:
SGL offers a competitive benefits package including:
• Medical and Prescription Drug coverage
• Dental insurance
• Vision insurance
• Employee Assistance Program (EAP)
• Flexible Spending Account (FSA)
• Health Savings Account (HSA)
• Basic Life and AD&D (Accidental Death & Dismemberment) insurance
• Short Term and Long Term Disability insurance
• Voluntary Spouse Life insurance
• Voluntary Child Life insurance
• 401k Savings Retirement Plan with employer match
• Vacation days
• Paid Holidays
#CB1
Our Promise:
Your workplace safety is our top priority. Timely salary payments? That's a given with us. We also foster a strong team spirit and value open communication - your opinion matters. Through regular feedback sessions, we support your professional development and ensure that you feel comfortable in your role and can fully utilize your skills. Join us - apply now!
Publication Date: May 29, 2026
Location: